Method for making secure transactions

ABSTRACT

The invention concerns a method for carrying out a transaction comprising prior steps of identifying the card by reading its number and authenticating the bearer optionally by writing in the secret code using a keyboard. The invention is characterised in that the secret code and/or the card number, comprise(s) in a specific position at least a character modified at each transaction. The modified character(s) (n) of the secret code and/or the card is/are modified in accordance with at least a character of a predetermined parameter.

The invention concerns a method for securing transactions performed withcards provided with an owner identification number and protected by asecret code for certain operations.

Banking or commercial transactions performed with cards, wherein theidentification of the user is ensured by a card number and possiblyconfirmed by a secret code, are commonly used today. These cards canhave a chip and/or a magnetic strip or other data storage means. Theycan even be virtual.

Protection by secret code normally ensures the identification of theuser who, theoretically, is the only one who knows this code. But thereare transactions in which a secret code cannot be used, particularly intelephone or minitel commerce.

There are several other possible protection methods, includingbiometrics (fingerprints, the iris of the eye, voice, etc.) but thesecret code number is still the easiest to apply and is therefore theone that has been chosen for “consumer” transactions.

Unfortunately, it is still possible for a third party to learn thenumber of the card, for example during the transaction, when this numberhas to be communicated, and the secret code can still be detected duringits entry, particularly at automated teller machines on the street. As aresult, if the card is stolen, it is possible to use it and to performtransactions as long as the theft is not recorded in banks' computers.

The object of the invention is to eliminate these drawbacks by means ofa method that ensures the secrecy of at least one character of the cardnumber and/or at least one character of the secret code by modifyingthese characters with each transaction.

This object is achieved according to the invention in that the cardnumber and/or the secret code comprise(s), in predetermined positions,at least one character that is modified with each transaction;

-   -   the modified character(s) of the card and/or the secret code        is/are each modified as a function of at least one character of        at least one predetermined parameter.

According to another particular embodiment of the invention, themodifiable character(s) of the card number and/or the secret code aremodified as a function of the same character(s) of the predeterminedparameter(s). It is possible to modify only one number of the cardand/or only one number of the secret code.

This parameter can be furnished by an event, such as the amount of aprevious transaction, a transaction date or another date, the identifierof the merchant with which the transaction was performed, or any otherevent that is random in nature, chosen with the institution handling thetransaction.

In the case where said parameter is the amount or the date of a previoustransaction, it can be for example the next-to-last transaction.

In order to secure the transaction more effectively, the character(s) ofthe card number and/or the secret code can be modified by means of afunction that acts on the chosen parameter.

In order for the method to be applicable, the user of the card agreeswith the institution handling the latter on the following points;

-   -   The previous parameter(s) to be used;    -   The rank of the digit(s) of the parameter derived from the        previous event(s) to be used;    -   The number of characters of the card number to be varied;    -   The rank of the character(s) of the card number to be varied;    -   The number of characters of the code that may possibly be        varied;    -   The rank of the character(s) of the secret code that may        possibly be varied.

Preferably, in the case where a previous transaction is used as theevent that furnishes the parameter, it is the next-to-last transaction.

In essence, it is easy for a third party present during transactions tolearn the amounts of them, particularly in the case of a withdrawal froman automated teller machine. It is more difficult to learn the amount ofthe transaction performed the time before.

According to a particular characteristic of the invention, a secondsecret code is used for telecommunications transactions, all thecharacters of which are changed with each transaction as a function ofone or more predetermined parameter(s).

In essence, it is necessary, in the context of these transactions, toprotect oneself against an interception of the transmission of the code.To do this, one uses this second code. The second code is changed aftereach transaction, even if the latter has not been validated by theinstitution handling the cards.

The figure schematically represents the positions of the characters of acard number and a secret code in an exemplary embodiment of theinvention in which a single character of the number and the code isreplaced by the same character of a single previous transaction.

The characters of the card number and the secret code are represented byan A, except for one of them, the variable character, which isrepresented by an N. The amount of the previous transaction (the eventchosen) is represented by Xs, except for one of the characters, which isalso represented by an N.

A previous transaction, for example the next-to-last one, involved thesum of 356£.

By arrangement with the institution handling the card, it is thehundreds digit of this transaction that should be used to replace thevariable character of the card and that of the code. Also byarrangement, it is for example the next-to-last character that should bereplaced.

The transaction proceeds as follows:

The user of the card inserts his card into the machine recording thetransaction. The machine reads the number of the card, except for thenext-to-last number, and asks that the latter be re-entered. The userwill then type in 3.

The number of the card is therefore now

AAAAA . . . A3A.

The machine then requests the secret code, which is typed in by theuser.

AA3A.

The transaction can then be performed.

As a result of the method according to the invention, the holder of thecard as well as the institution handling this card are assured that incase of theft, the fraudulent use of the card will be, if notimpossible, at least extremely difficult, since the user has to know notonly the secret code but, in the case where a previous transaction hasbeen chosen:

-   -   the amount of the previous transaction;    -   the digit or digits of this transaction to be used;    -   the chronological order of this transaction (last, next-to-last,        etc.);    -   the rank of the character or characters of the code to be        replaced.

In order to facilitate the memorization of these digits by a user whomakes only withdrawals and small purchases in stores, it is preferablethat only one digit be used, as in the example described above, and thatit be the same for the card number and for the secret code, when one isused.

In the case according to the preceding example, where the key digit ofthe next-to-last transaction is the same as that of the last one, it ispossible to provide according to the invention for the variablecharacter to be replaced by this digit increased by an agreed-uponfigure, for example 1.

Thus, in our example, if the last transaction has the same hundredsdigit as the next-to-last one, the variable character will be replacedby a 4 instead of a 3.

It is also possible to provide, according to the invention, for thereplacement character(s) to be obtained by means of a function that actson the chosen characters of the previous events, in order to furthersecure the operation and facilitate memorization.

Furthermore, in order to facilitate the generation of new numbers and/orcodes for the user by means of the function, the latter can be executedin all of the automated machines using the card and in any securenetwork.

1-12. (canceled)
 13. A method for performing secure transactions involving an account provided with an owner identification number, said transactions including the steps of identifying said account via a telecommunications transaction for communication of said identification number, said transactions being the type in which the identification number of said account comprises, in positions predetermined by arrangement with the institution handling the transactions, at least one character that is modifiable with each of a sequence of transactions, and modifying said character as a function of at least one character of at least one predetermined parameter, and being characterized in that said predetermined parameter is an element of at least one event that is random in nature, chosen by agreement with said institution for securing said transaction.
 14. A method as defined in claim 13 including a further step of selecting a previous transaction as said event that is random in nature for facilitating memorization of said owner.
 15. A method as defined in claim 13 including a further step of selecting an identifier of a merchant involved in said transaction as said event that is random in nature for further securing said transaction.
 16. A method according to claim 13 characterized in that said function acts on a parameter that depends on the location, the merchant, or the terminal at which said transaction is performed.
 17. A method according to claim 13 characterized in that said function acts on at least two parameters, each depending on a different event.
 18. A method for performing secure transactions involving an account provided with an identification number and a secret code, said transactions including the steps of identifying said account via a telecommunications transaction for communication of said identification number and said secret code, said transactions being the type in which the identification number of said account comprises, in positions predetermined by arrangement with the institution handling the transactions, at least one character that is modifiable with each of said transactions, and modifying said character as a function of at least one character of at least one predetermined parameter, and being characterized in that said predetermined parameter is an element of at least one event that is random in nature, chosen by agreement with said institution for securing said transaction.
 19. A method according to claim 18 including the step of using a second secret code for telecommunication transactions the characters of which are changeable with each transaction as a function of one or more of said predetermined parameters.
 20. A method for performing secure transactions involving an account provided with an owner identification number, said transactions including the steps of identifying said account via a telecommunications transaction for communication of said identification number, wherein the institution handling said transactions introduces new characters differing from the characters of said identification number for facilitating a secure transaction,
 21. A method according to claim 20 wherein said new characters are random in nature.
 22. A method according to claim 20 wherein said new characters are correlated with the date of said transaction.
 23. A method according to claim 20 wherein said new characters are correlated with the amount of said transaction.
 24. A method according to claim 20 wherein said new characters are correlated with the date and the amount of said transaction.
 25. A method according to claim 21 wherein said new characters are correlated with the date of said transaction.
 26. A method according to claim 21 wherein said new characters are correlated with the amount of said transaction.
 27. A method according to claim 21 wherein said new characters are correlated with the date and the amount of said transaction. 